3 Good Examples of GDPR Breach Notification Emails | DMA


Three Good Examples of GDPR Breach Notification Emails


The GDPR may have made you focus on your mailing lists, but it has also brought a whole range of new rules. One of them is breach notification. If you or your technology providers suffer a data breach, you may need to reach out to all your customers, subscribers and everyone else still in your system. You can find the full notification requirements here: ICO: Personal data breaches

The difficult thing with breach notifications is getting the wording right, so here are three recent examples that I think are worth sharing, and why I think they’re effective.


Example 1: British Airways (BA)

Subject line: Theft of Customer Data

The subject line is clear, the copy is minimal and overall it gets right to the point. Whilst reassuring the customer that the matter is resolved, it also gives customers advice on how to reduce risk.

I think it’s great that they include a link for further information where customers can get the latest details. The email would be more useful if the link went to the dedicated page, as opposed to BA’s homepage, where customers need to scroll down to find the link.

Example 2: American Express

Subject line: We are protecting your Account

Leading on from the British Airways example, as a partner company American Express did a fantastic job of giving customers the additional reassurance that they are protected by their credit card provider too.

The banner does a great job of reinforcing the brand’s message, which is strengthened by a prominent link to their privacy policy.

Example 3: Superdrug

Subject line: Security Notice

Information about the breach is provided in detail, but Superdrug bolded the important points, making the email skimmable.

As with BA’s example, addressing the email from the CEO helps to highlight that the data breach is being treated with importance.

Superdrug could consider a subject line or header that is more specific to the breach, rather than repeating “Security Notice”, to give customers more information at a glance.


In all cases the email is simple, short and the language used is clear. In line with the examples shared, in an unfortunate data breach situation you could use this template for your notification email:

- What happened
- What information was involved
- What are you doing
- What can individuals do
- More information including contact details

Importantly, write your copy as if you’re talking to an actual person.

For examples of re-permissioning emails for GDPR, see this guide here
